Posts Tagged ‘Cybersecurity threats 2014’

Wordpress VulnerabilitiesThe researchers emphasize that the gaps in the free app puts at risk the safety of hundreds of thousands of web resources.

According to the Walter Hop’s notification, a security researcher and founder of Netherlands-based Web development company Slik, he was able to find a number of vulnerabilities in popular free application InfiniteWP Admin Panel, which use administrators of the content management system WordPress.

According to the developers of the affected product, for all the history of the project, it has been downloaded at least 875,000 times and is utilized by over 318,000 web sites. With it, administrators can work with multiple installations through one control panel. (more…)

Wordpress VulnerabilitiesDangerous vulnerability in the popular (around 850,000 downloads) WordPress Download Manager plugin. The vulnerability was discovered and disclosed last week. Exploitation of this vulnerability allows an attacker to take remotely control of the target web-site through the introduction of backdoors and modify user passwords.

Specialists of the company Sucuri found dangerous vulnerability in the WordPress Download Manager Plugin. Exploitation of this flaw allows an remote attacker to gain control of the target web-site through the introduction of backdoors and modification of user passwords. (more…)

Wordpress VulnerabilitiesPrivilege escalation and potential Object Injection vulnerability. The vulnerability allows a remote user to cause a denial of service and data manipulation.

Danger level: average
The presence of fixes: Yes
The number of vulnerabilities: 1
CVSSv2 rating: (AV: N / AC: L / Au: N / C: N / I: P / A: P / E: U / RL: O / RC: C) = Base: 6.4 / Temporal: 4.7

Vector of operation: Remote
Impact: Denial of service, Unauthorized modification of data (more…)

Wordpress VulnerabilitiesNew multiple vulnerabilities have been discovered in WordPress Content Management System which allows a remote user to take control of the affected system.

Danger level: Medium
Availability of fixes: Yes
Number of vulnerabilities: 4

CVE ID: No Information

Vector of operation: Remote
Impact: Cross-site scripting, Denial of service, Security Bypass (more…)

Apple vulnerabilitiesMultiple Vulnerabilities in Apple OS X, Apple iOS, and Apple TV

Danger level: High
Availability fixes: Yes
Number of vulnerabilities: 7

CVE ID: CVE-2014-4451, CVE-2014-4452, CVE-2014-4453, CVE-2014-4458, CVE-2014-4459, CVE-2014-4462, CVE-2014-4463

Vector of operation: Remote
Impact: Disclosure of sensitive data, Security Bypass, system compromise

Affected Products: Apple Macintosh OS X, Apple iOS 8.x, Apple TV 7.x
Affected versions: Apple OS X versions up to 10.10.1, Apple iOS versions up to 8.1.1, Apple TV to version 7.0.2 (more…)

Vulnerabilities 2014Buffer Overflow vulnerability in Info-Zip utility

A local user can elevate their privileges on the target system.

Danger level: Low
Availability fixes: Yes
Number of vulnerabilities: 1
CVSSv2 Rating: (AV: L / AC: M / Au: N / C: C / I: C / A: C / E: U / RL: O / RC: C) = Base: 6.9 / Temporal: 5.1
CVE ID: CVE-2004-1010

Vector of operation: Local
Impact: Privilege escalation (Buffer Overflow) (more…)